Forum Discussion
LTM Cipher list - NULL
Hi All,
Running into a problem with building cipher lists.
Trying to build a Cipher list that uses TLS1.2 NULL compression, on LTM 13.0 HF3.
Continued in comment below
2 Replies
- lukeoddy_276909
Nimbostratus
[Continued from above, for some reason my post was being flagged as Spam, wouldn't let me post all this as a question]
Here's the output for all NULL ciphers:
    tmm --clientciphers 'NULL'
         ID  SUITE     BITS  PROT    METHOD  CIPHER  MAC  KEYX
     0:   2  NULL-SHA     0  SSL3    Native  NULL    SHA  RSA
     1:   2  NULL-SHA     0  TLS1    Native  NULL    SHA  RSA
     2:   2  NULL-SHA     0  TLS1.1  Native  NULL    SHA  RSA
     3:   2  NULL-SHA     0  TLS1.2  Native  NULL    SHA  RSA
     4:   1  NULL-MD5     0  SSL3    Native  NULL    MD5  RSA
     5:   1  NULL-MD5     0  TLS1    Native  NULL    MD5  RSA
     6:   1  NULL-MD5     0  TLS1.1  Native  NULL    MD5  RSA
     7:   1  NULL-MD5     0  TLS1.2  Native  NULL    MD5  RSA

Here is my attempt at excluding all the non-TLSv1.2 ciphers, which doesn't work as expected:
    tmm --clientciphers 'NULL:!SSLv3:!TLSv1:!TLSv1_1'
         ID  SUITE     BITS  PROT    METHOD  CIPHER  MAC  KEYX
     0:   2  NULL-SHA     0  SSL3    Native  NULL    SHA  RSA
     1:   2  NULL-SHA     0  TLS1    Native  NULL    SHA  RSA
     2:   2  NULL-SHA     0  TLS1.1  Native  NULL    SHA  RSA
     3:   2  NULL-SHA     0  TLS1.2  Native  NULL    SHA  RSA
     4:   1  NULL-MD5     0  SSL3    Native  NULL    MD5  RSA
     5:   1  NULL-MD5     0  TLS1    Native  NULL    MD5  RSA
     6:   1  NULL-MD5     0  TLS1.1  Native  NULL    MD5  RSA
     7:   1  NULL-MD5     0  TLS1.2  Native  NULL    MD5  RSA

The syntax "!SSLv3:!TLSv1:!TLSv1_1" seems to work just fine with other cipher lists. For instance, "DEFAULT:!SSLv3:!TLSv1:!TLSv1_1" works as expected: only TLS1.2 and DTLS1 ciphers appear in that list.
So why is NULL a special case here?
- JG
Cumulonimbus
Not sure why the negation does not work, but there is a better way of achieving the same outcome, i.e. by disabling the insecure protocols via the "Options List" in your SSL profile.
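An added example, not part of either post: a small Python check that parses a `tmm --clientciphers` listing and returns every suite whose PROT column falls outside an allowed set, so a cipher string or profile change can be verified instead of read by eye. The function names and the row regex are this example's own, written against the column layout in the output posted above, which is reused as the sample input.

```python
import re

# Listing copied from the post above: tmm --clientciphers 'NULL:!SSLv3:!TLSv1:!TLSv1_1'
SAMPLE = """\
     ID  SUITE     BITS  PROT    METHOD  CIPHER  MAC  KEYX
 0:   2  NULL-SHA     0  SSL3    Native  NULL    SHA  RSA
 1:   2  NULL-SHA     0  TLS1    Native  NULL    SHA  RSA
 2:   2  NULL-SHA     0  TLS1.1  Native  NULL    SHA  RSA
 3:   2  NULL-SHA     0  TLS1.2  Native  NULL    SHA  RSA
 4:   1  NULL-MD5     0  SSL3    Native  NULL    MD5  RSA
 5:   1  NULL-MD5     0  TLS1    Native  NULL    MD5  RSA
 6:   1  NULL-MD5     0  TLS1.1  Native  NULL    MD5  RSA
 7:   1  NULL-MD5     0  TLS1.2  Native  NULL    MD5  RSA
"""

COLUMNS = ("id", "suite", "bits", "prot", "method", "cipher", "mac", "keyx")
# A data row is "<index>:" followed by exactly eight whitespace-separated fields.
ROW = re.compile(r"^\s*\d+:\s+(\d+)" + r"\s+(\S+)" * 7 + r"\s*$")


def parse_clientciphers(text):
    """Return one dict per cipher row; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            rows.append(dict(zip(COLUMNS, match.groups())))
    return rows


def outside_allowed(text, allowed=("TLS1.2",)):
    """Return (suite, prot) pairs whose protocol is not in the allowed set."""
    return [(r["suite"], r["prot"])
            for r in parse_clientciphers(text)
            if r["prot"] not in allowed]


if __name__ == "__main__":
    offenders = outside_allowed(SAMPLE)
    for suite, prot in offenders:
        print(f"still offered: {suite} over {prot}")
    print(f"{len(offenders)} suite(s) outside the allowed protocols")
```

On the appliance the same functions can be fed the live listing by reading the command's output from standard input instead of `SAMPLE`.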